IT Unlike Any Other

ISC Diary | An analysis of the Yahoo! passwords

Since the passwords from the Yahoo leak were plaintext, we can get a good analysis out of them. Most of these would make OK combos for your luggage.

We security folks have long preached and rightly so the virtues of a “complex” password. By increasing the size of the alphabet and the length of the password, we increase the work the bad guys must do to guess or crack the passwords. We’ve gotten in the habit of telling users that a “good” password consists of [lower case, upper case, digits, special characters] choose 3. Unfortunately, if that is all the guidance we give, users being human and, by nature, somewhat lazy will apply those rules in the easiest way.